package com.ulic.customerManApplication.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

public class BugFilter implements Filter {

    public BugFilter() {
    }

	public void destroy() {
	}

	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
		if(!isBugInvade(request)) {//如果BUG入侵
			chain.doFilter(request, response);
		} else {
			response.reset();
			response.getWriter().println("");
		}
	}
	
	private boolean isBugInvade(ServletRequest request) {
		java.util.Enumeration<String> e = request.getParameterNames();
		boolean isBugInvade = false;
		while(e.hasMoreElements()) {
			String key = e.nextElement();
			if(key.indexOf("getWriter") != -1 || 
					key.indexOf("FileOutputStream") != -1 || 
					key.indexOf("getRuntime") != -1 || 
					key.indexOf("getRequest") != -1 || 
					key.indexOf("getProperty") != -1 || 
					key.indexOf("\\u0023") != -1 || 
					key.indexOf("\\43") != -1) {
				isBugInvade = true;//是bug入侵
				break;
			}
		}
		return isBugInvade;
	}

	public void init(FilterConfig fConfig) throws ServletException {
	}

}
